IT Portfolio Management: Preliminary Results of Federal Efforts to Address Statutory Requirements
Fast Facts
The federal government invests more than $100 billion annually in IT. But these investments can be poorly managed—resulting in IT that fails to deliver needed improvements and is often late and over budget.
A law aimed at improving IT management requires agencies to review their portfolios of IT projects and high-risk IT investments. Our ongoing analysis shows that agencies haven't completed these reviews.
This statement for the Congressional Record discusses our ongoing work. We will make recommendations, as appropriate, when our work is complete.
Improving federal IT management is on our High Risk List.
Highlights
What GAO Found
GAO's preliminary results indicate that the Office of Management and Budget (OMB) is not fully addressing eight key statutory requirements for IT portfolio management oversight contained in the Federal Information Technology Acquisition Reform Act (FITARA). Specifically, OMB is partially following four of the five requirements on IT portfolio reviews and is not following any of the three requirements on high-risk IT investments (see table).
Preliminary Analysis of the Extent to Which the Office of Management and Budget (OMB) Followed Statutory Requirements
Requirement | Assessment |
---|---|
IT portfolio reviews | |
Implement a process to assist agencies in reviewing their IT portfolios. | ◐ |
Develop standardized cost savings/avoidance metrics and performance indicators for agencies to implement the process. | ◐ |
Carry out the Federal Chief Information Officer's (CIO) role of being involved in an annual review of each agency's IT portfolio in conjunction with the agency's CIO and Chief Operating Officer or Deputy Secretary (or equivalent). | ○ |
Submit a quarterly report on the cost savings/reductions in duplicative IT investments identified through this review process to key committees in Congress. | ◐ |
Submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by agencies for information systems and how the benefits relate to the accomplishment of the goals of the agencies. [a] | ◐ |
High-risk IT investment reviews | |
Carry out consultation responsibilities of the Federal CIO to agency CIOs and program managers of major IT investments that receive high-risk ratings for four consecutive quarters. | ○ |
Communicate the results of high-risk IT investment reviews to specified committees of Congress. | ○ |
Deny any request of additional development, modernization, or enhancement funding for a major investment that has been rated high-risk for a year after the high-risk IT investment review. Additional funding should be denied until the agency CIO determines that the root causes of the risk have been addressed, and there is capability to deliver the remaining increments within the planned cost and schedule. [b] | ○ |
Legend: ◐ Partially followed = the agency demonstrated that it was following some, but not all, of the requirement; ○ Not followed = the agency did not demonstrate that it was following the requirement.
Source: FITARA and GAO analysis of OMB documentation. | GAO-24-107665
[a] This language preceded FITARA in 40 USC 11302 and remained in the relevant section as part of the FITARA revisions.
[b] This requirement does not apply to investments at the Department of Defense.
GAO's preliminary analysis shows that none of the 24 agencies fully met the requirements for annual IT portfolio reviews. In addition, eight agencies with major IT investments rated as high-risk for four consecutive quarters did not follow the FITARA requirements for performing high-risk IT investment reviews. Specifically, three of the eight agencies performed the reviews but they did not address the specific requirements in law. The remaining five agencies did not perform the reviews.
Why GAO Did This Study
The executive branch has undertaken numerous initiatives to better manage the more than $100 billion that is annually invested in IT. However, federal IT investments too frequently fail to deliver capabilities in a timely manner. Recognizing the severity of issues related to the government-wide management of IT, in December 2014, Congress and the President enacted federal IT acquisition reform legislation, commonly referred to as FITARA.
GAO was asked to summarize its draft report on OMB's and agencies' efforts to implement FITARA's IT portfolio management requirements.
To develop its preliminary results, GAO identified FITARA requirements for annual IT portfolio reviews and high-risk IT investment reviews. GAO then compared agency documentation from OMB and the 24 Chief Financial Officers Act agencies to the requirements. GAO also interviewed OMB staff and agency officials regarding their IT portfolio management practices.
Recommendations
GAO is making 10 preliminary recommendations to OMB to improve IT portfolio guidance, processes, and reporting; and 36 preliminary recommendations to 24 agencies to improve their IT portfolio management and high-risk investment review processes. GAO will finalize its preliminary results and recommendations after considering agencies' comments on the draft report.